Securing your home office technology not only protects your personal data, but also your nonprofit’s or small business’s entire network. We’ve developed a home office security checklist, as well as tips and best practices, to help you integrate some of the most critical tools to stay safe and secure while you work from home during the COVID-19 crisis. Check back frequently – we will cover a new topic or two on this checklist every few days. Below is the third article in our short series and it covers password management and local administrator rights.
HOME OFFICE SECURITY CHECKLIST
- Secure Your Wi-Fi (Covered in Part One)
- Protect Internet Browsing with a DNS Provider (Covered in Part One)
- Update Your Operating System to the Latest Version (Covered in Part Two)
- Install and Use the Latest Antivirus/Malware Protection and Other Critical Updates (Covered in Part Two)
- Develop Strong Passwords and use a Password Management Tool
- Move Administrator Rights to a Separate Account
- Use Cloud Backup
Develop Strong Passwords and Limit Local Administrative Rights
The most secure passwords are long, include special characters, are not repeated between accounts, and do not contain personal information.
Here are some tips for generating secure passwords:
- Generate a different and secure password for each online account
- Make a random 2 to 4 word passphrase that does not include any elements from your name, organization, address or any information associated with you (see our article on The World’s Most Hacked Passwords)
- When generating your own password, make sure it contains upper and lowercase letters, punctuation and a number, and is a minimum of 14 characters long
- Change your password when prompted by your online account
- Do not store your password list in the cloud, such as on Google Docs or Dropbox
There are several password management solutions that can help you both generate and manage secure passwords for your online accounts. LastPass offers free and premium password generation and management services. With LastPass you only need to remember one master password to access the other passwords it encrypts and stores for you. A good, free tool is xkpasswd, which can help generate strong passwords.
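As an added illustration (not code from this article, LastPass or xkpasswd), the Python sketch below builds a random multi-word passphrase with the operating system's secure random generator and checks any password against the tips listed above. The word list, function names and sample personal details are constructed for the example.

```python
import math
import secrets
import string

# Constructed sample list; a real generator should draw from thousands of words.
WORDS = ["copper", "lantern", "orchard", "meadow", "violin", "harbor",
         "pepper", "glacier", "thimble", "walnut", "compass", "feather",
         "marble", "saddle", "tunnel", "quartz"]
SEPARATORS = "!-_.:;"

def make_passphrase(n_words=4, words=WORDS):
    """Return (passphrase, entropy_bits) built with the OS secure RNG."""
    picked = [secrets.choice(words).capitalize() for _ in range(n_words)]
    sep = secrets.choice(SEPARATORS)        # punctuation between the words
    digit = str(secrets.randbelow(10))      # one random digit at the end
    phrase = sep.join(picked) + sep + digit
    # Entropy comes only from the random choices, not from the length.
    bits = (n_words * math.log2(len(words))
            + math.log2(len(SEPARATORS)) + math.log2(10))
    return phrase, bits

def check_password(pw, personal_info=(), used_elsewhere=()):
    """Return the list of tips from the article that pw violates."""
    problems = []
    if len(pw) < 14:
        problems.append("shorter than 14 characters")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation")
    if any(item and item.lower() in pw.lower() for item in personal_info):
        problems.append("contains personal information")
    if pw in used_elsewhere:
        problems.append("already used on another account")
    return problems

if __name__ == "__main__":
    phrase, bits = make_passphrase()
    print(phrase, f"(~{bits:.0f} bits with this {len(WORDS)}-word sample list)")
    # Constructed weak example: too short and built from the user's name.
    print(check_password("Jane2020!", personal_info=["Jane"]))
```

With the 16-word sample list, a four-word phrase passes every check yet carries only about 22 bits of entropy; the same code with a 7,776-word list gives about 58 bits, which is why the size of the word list matters as much as the format rules.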
In addition to developing strong passwords, you should enable two-factor authentication whenever offered, prioritizing mailboxes and financial accounts. Two-factor authentication is an extra layer of security that requires not only a password and username, but also something that only that user has on them, i.e. a piece of information only they should know or have immediately at hand. It is worth the time to provide a second credential, such as your mobile phone number or an alternative email account, for the added protection.
Even with the best passwords, local administrator rights (LAR) can be a serious vulnerability for some organizations. LAR is the highest level of permission that is granted to a computer user. This level of permission typically allows the user to install software and change configuration settings, which means someone with LAR can shut off the security controls used to protect an organization’s systems, including password controls and anti-malware software. Unapproved software could also be installed, breaking critical applications and causing disruption and downtime. A company can also be exposed to malware, including a number of different phishing scams that can deliberately run code on systems with full permissions if someone inadvertently clicks on a malicious link or opens infected email content. Auditors also frown upon the practice because of its inherent risk.
IT best practices dictate that employees not be given local administrator rights (LAR). For those who manage technology and need LAR, we recommend developing a separate username and password, unique from that of the administrator, for an additional layer of security.